机密计算平台

{"list":[{"id":72746,"title":"产品动态","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_72746_cn.pdf","link":"/document/product/1542/72746"},{"id":70302,"title":"产品简介","type":"directory","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_70302_cn.pdf","children":[{"id":72708,"title":"产品概述","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/72708"},{"id":72709,"title":"产品优势","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/72709"},{"id":72710,"title":"应用场景","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/72710"}],"link":"/document/product/1542/70302"},{"id":71458,"title":"快速入门","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_71458_cn.pdf","link":"/document/product/1542/71458"},{"id":104141,"title":"购买指南","type":"directory","docType":"price","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_104141_cn.pdf","children":[{"id":70310,"title":"计费概述","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_70310_cn.pdf","link":"/document/product/1542/70310"},{"id":104142,"title":"购买方式","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/104142"},{"id":104143,"title":"续费说明","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/104143"},{"id":104144,"title":"欠费说明","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/104144"},{"id":104145,"title":"退费说明","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/104145"}],"link":"/document/product/1542/104141"},{"id":70313,"title":"操作指南","type":"directory","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_70313_cn.pdf","children":[{"id":73880,"title":"环境配置指南","type":"directory","docType":"default","pdfUrl":"","children":[{"id":73895,"title":"配置 CVM 环境","type":"directory","docType":"default","pdfUrl":"","children":[{"id":73896,"title":"TencentOS","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73896"},{"id":73897,"title":"Ubuntu","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73897"}],"link":"/document/product/1542/73895"},{"id":73881,"title":"配置 TKE 环境","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73881"}],"link":"/document/product/1542/73880"},{"id":73882,"title":"控制台指南","type":"directory","docType":"default","pdfUrl":"","children":[{"id":73883,"title":"查看计算节点","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73883"},{"id":73884,"title":"查看远程证明","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73884"},{"id":77612,"title":"查看资源概览","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/77612"},{"id":73885,"title":"创建机密应用","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73885"},{"id":73886,"title":"创建密钥","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73886"},{"id":77613,"title":"创建实例","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/77613"},{"id":77614,"title":"服务授权","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/77614"},{"id":73887,"title":"删除机密应用","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73887"},{"id":73888,"title":"删除密钥","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73888"},{"id":77615,"title":"删除实例","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/77615"}],"link":"/document/product/1542/73882"},{"id":73889,"title":"命令行指南","type":"directory","docType":"default","pdfUrl":"","children":[{"id":73890,"title":"安装 CCPCLI","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73890"},{"id":73891,"title":"封装机密镜像","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73891"},{"id":73892,"title":"封装机密应用","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73892"},{"id":73893,"title":"启动机密镜像","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73893"},{"id":73894,"title":"启动机密应用","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73894"},{"id":74010,"title":"常见命令","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/74010"}],"link":"/document/product/1542/73889"}],"link":"/document/product/1542/70313"},{"id":70324,"title":"最佳实践","type":"directory","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_70324_cn.pdf","children":[{"id":73878,"title":"CVM 运行机密应用","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73878"},{"id":73879,"title":"TKE 部署机密镜像","type":"page","docType":"default","pdfUrl":"","link":"/document/product/1542/73879"}],"link":"/document/product/1542/70324"},{"id":70330,"title":"常见问题","type":"page","docType":"faq","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_70330_cn.pdf","link":"/document/product/1542/70330"},{"id":91029,"title":"服务等级协议","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_91029_cn.pdf","link":"/document/product/1542/91029"},{"id":70333,"title":"联系我们","type":"page","docType":"default","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_70333_cn.pdf","link":"/document/product/1542/70333"},{"id":70334,"title":"词汇表","type":"page","docType":"glossary","pdfUrl":"https://main.qcloudimg.com/raw/document/product/pdf/1542_70334_cn.pdf","link":"/document/product/1542/70334"}],"categoryId":1542,"title":"机密计算平台","lang":"zh"}

文档中心机密计算平台操作指南命令行指南封装机密镜像

封装机密镜像

最近更新时间：2024-04-24 10:49:11

我的收藏

本页目录：

操作场景
本文介绍如何使用 CCPCLI 封装机密镜像。
前提条件
已开通 密钥管理服务 KMS 和 容器服务 TKE。
已同意为机密计算平台创建服务相关角色，并 授权调用 其他云服务接口。
步骤1：创建机密应用﻿﻿
创建机密应用，指定有效的远程证明密钥。详情请参见控制台指南中的创建机密应用。
步骤2：安装 CCPCLI 命令行工具﻿﻿
在信任的设备中，安装 CCPCLI 命令行工具，详情请参见﻿﻿ 安装 CCPCLI。
步骤3：准备目标镜像﻿﻿
在本示例中，我们使用 dockerfile 创建一个包含 redis 服务的 ubuntu 镜像作为目标镜像。
$ echo 'FROM ubuntu:20.04' > Dockerfile
$ echo 'RUN apt-get update' >> Dockerfile
$ echo 'RUN apt-get -y install redis' >> Dockerfile
$ docker build -t myredis .
﻿
$ docker images
REPOSITORY     TAG       IMAGE ID       CREATED          SIZE
myredis        latest    0f261dd3de17   36 seconds ago   111MB
ubuntu         20.04     2b4cba85892a   3 days ago       72.8MB
步骤4：封装目标镜像
使用 CCPCLI 的 pack 指令来封装机密镜像，其中--capp-id 需要设置为 步骤1 创建的机密应用的 ID，--app-image 需要设置为 步骤3 创建的目标镜像名称，其他参数配置可查询 命令行指南-常用命令。
注意：
生成的机密镜像名称为sec_<image_name>，如果存在同名的镜像，可使用--force参数覆盖。
生成的 sec_<镜像名称> 即为封装的机密镜像。
$ ccp-cli pack --app-entry="/usr/bin/redis-server" \\
             --memsize=2048M --thread=32 \\
             --tmpl=default \\
             --secret-id=<user_secret_id> \\
             --secret-key=<user_secret_key> \\
             --capp-id=<application_id> \\
             --app-image=<image_name> \\
             --app-type=image
...
Successfully built 96d181069a7e
Successfully tagged sec_<image_name>:latest
﻿

上一篇: 安装 CCPCLI 下一篇: 封装机密应用